Cyber Essentials Guides
Complete guides to UK Cyber Essentials certification, the five technical controls, and audit preparation.
What is Cyber Essentials?
If you're exploring security certifications for your UK-based organisation, Cyber Essentials is likely on your radar. This government-backed scheme provides a clear framework for protecting against the most common cyber attacks—and for many organisations, it's becoming a prerequisite for doing business.
Who Needs Cyber Essentials?
Cyber Essentials certification is mandatory for certain UK government contracts and increasingly expected across the private sector. Understanding whether certification is right for your organisation—and which level you might need—can help you plan accordingly.
The Five Technical Controls
Cyber Essentials is built around five fundamental technical controls. These controls address the most common attack vectors and, when properly implemented, provide effective protection against the majority of commodity cyber attacks targeting UK organisations.
Firewalls: Your First Line of Defence
Firewalls are the first of Cyber Essentials' five technical controls. They create a protective barrier between your trusted internal network and untrusted external networks, controlling what traffic can flow in and out of your organisation.
Secure Configuration: Reducing Your Attack Surface
Secure configuration is about ensuring computers and network devices are set up to minimise vulnerabilities. Default settings are typically designed for ease of use during setup—not for security. Adjusting them can significantly reduce your risk.
Security Update Management: Staying Protected
Security update management (also known as patch management) is about keeping software current and protected against known vulnerabilities. When a vulnerability is discovered and publicised, attackers often develop exploits quickly. Timely patching is one of the most effective ways to protect your organisation.
User Access Control: Right People, Right Access
User access control ensures that only authorised individuals can access your systems and data—and that their access is limited to what they actually need. This control helps prevent both external attackers and insider threats from reaching sensitive resources.
Malware Protection: Your Last Line of Defence
Malware protection is the fifth Cyber Essentials control. Even with firewalls, secure configurations, updates, and access controls in place, malware can still potentially reach your systems. This control provides an important final layer of defence.
Cyber Essentials vs Cyber Essentials Plus: Which Do You Need?
Cyber Essentials offers two certification levels: the self-assessment Basic level and the independently verified Plus level. Understanding the differences can help you choose the right certification for your organisation's needs.
The Self-Assessment Questionnaire: Completing Cyber Essentials Basic
The Cyber Essentials self-assessment questionnaire (SAQ) is how you demonstrate compliance with the five technical controls. Understanding what's asked—and preparing properly—can make the difference between a smooth certification process and frustration.
Cyber Essentials Plus Technical Audit: What to Expect
The Cyber Essentials Plus audit is an independent technical verification of your security controls. Unlike the self-assessment Basic certification, Plus involves actual testing of your systems. This guide helps you understand what happens during the audit so you can prepare effectively.
Certification Bodies and IASME: Choosing Your Assessor
Cyber Essentials certification is delivered through a network of certification bodies accredited by IASME. Understanding how the certification ecosystem works can help you choose the right assessor for your organisation.
Cyber Essentials Costs and Timeline: Planning Your Certification
Understanding the costs and timeline for Cyber Essentials certification helps you plan effectively. This guide covers what to budget and what to expect for both Basic and Plus certifications.
Cyber Essentials Compliance Checklist: Complete Preparation Guide
This comprehensive checklist covers everything you need to implement for Cyber Essentials certification. Use it to assess your current state, plan any necessary changes, and verify readiness before starting your assessment.
Maintaining Cyber Essentials Certification: Ongoing Compliance
Cyber Essentials certification is valid for 12 months. Maintaining certification requires ongoing attention to the five controls and timely recertification. This guide covers how to stay compliant year-round—so recertification is straightforward rather than stressful.
Benefits of Cyber Essentials Certification
Cyber Essentials is more than a compliance requirement—it delivers real value across business development, security posture, and operational efficiency. This guide explores the practical benefits organisations gain from certification.